General

  • Target

    fe5daf2a34ece1de2bac1e4ee5ddbf05d4100038f1294bbb4d0bd785e342c073

  • Size

    660KB

  • Sample

    241106-ajk35ssdqj

  • MD5

    0351aec18647dc4d54d23f65b391ef12

  • SHA1

    b22c383e507015277e4e862b5ffff8648d2feb91

  • SHA256

    fe5daf2a34ece1de2bac1e4ee5ddbf05d4100038f1294bbb4d0bd785e342c073

  • SHA512

    0cde136c3950371f795a3ab38e6a9afc2e122b8994895a616f3cc04ed2a663126a96b341a288316aa6479a79b9a82d1773324ec60f82eb213864068a84e93528

  • SSDEEP

    12288:MMrey90oM2BPLqfDZd7GiHWmizCwe2ShwTeH8e51YnyzM7Ppi89wk/aT4cN:yyVBPIZd7cmiz0we8e51YnyzuBi89za5

Malware Config

Extracted

Family

redline

Botnet

norm

C2

77.91.124.145:4125

Attributes
  • auth_value

    1514e6c0ec3d10a36f68f61b206f5759

Extracted

Family

redline

Botnet

dozt

C2

77.91.124.145:4125

Attributes
  • auth_value

    857bdfe4fa14711025859d89f18b32cb

Targets

    • Target

      fe5daf2a34ece1de2bac1e4ee5ddbf05d4100038f1294bbb4d0bd785e342c073

    • Size

      660KB

    • MD5

      0351aec18647dc4d54d23f65b391ef12

    • SHA1

      b22c383e507015277e4e862b5ffff8648d2feb91

    • SHA256

      fe5daf2a34ece1de2bac1e4ee5ddbf05d4100038f1294bbb4d0bd785e342c073

    • SHA512

      0cde136c3950371f795a3ab38e6a9afc2e122b8994895a616f3cc04ed2a663126a96b341a288316aa6479a79b9a82d1773324ec60f82eb213864068a84e93528

    • SSDEEP

      12288:MMrey90oM2BPLqfDZd7GiHWmizCwe2ShwTeH8e51YnyzM7Ppi89wk/aT4cN:yyVBPIZd7cmiz0we8e51YnyzuBi89za5

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
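
    The behaviours above, together with the extracted C2 and auth_value pairs, translate into a handful of host and network indicators. The script below is an added example (not part of the sandbox report or its tooling) that lifts the two RedLine configs from the Malware Config section into IOC sets and runs three matching rules over constructed Sysmon-style event lines: a connection to the extracted C2 endpoint, a write of DisableRealtimeMonitoring under the Windows Defender Real-Time Protection policy key, and a new value under the CurrentVersion\Run key. The registry paths, the `EventID= | key=value` log format and the sample events are my assumptions; the report names the behaviours but not the exact keys it matched on.

```python
"""Turn the RedLine/Healer indicators from this report into a small detection
pass over Sysmon-style event lines. Added example, not the sandbox's own code."""
from dataclasses import dataclass

# Taken from the "Malware Config" section of the report.
REDLINE_CONFIGS = [
    {"botnet": "norm", "c2": "77.91.124.145:4125",
     "auth_value": "1514e6c0ec3d10a36f68f61b206f5759"},
    {"botnet": "dozt", "c2": "77.91.124.145:4125",
     "auth_value": "857bdfe4fa14711025859d89f18b32cb"},
]

# Registry paths the behavioural signatures most plausibly correspond to.
# Assumption on my part: the report names the behaviours, not the exact keys.
DEFENDER_RTP_PATH = "\\policies\\microsoft\\windows defender\\real-time protection\\"
RUN_PATH = "\\microsoft\\windows\\currentversion\\run\\"

# Constructed Sysmon-like events for this example; not taken from the report.
SAMPLE_EVENTS = [
    r"EventID=3 | Image=C:\Users\user\AppData\Local\Temp\dropped.exe | DestinationIp=77.91.124.145 | DestinationPort=4125",
    r"EventID=3 | Image=C:\Program Files\Mozilla Firefox\firefox.exe | DestinationIp=203.0.113.10 | DestinationPort=443",
    r"EventID=13 | Image=C:\Users\user\AppData\Local\Temp\dropped.exe | TargetObject=HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring | Details=DWORD (0x00000001)",
    r"EventID=13 | Image=C:\Users\user\AppData\Local\Temp\dropped.exe | TargetObject=HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\dropped | Details=C:\Users\user\AppData\Local\Temp\dropped.exe",
    r"EventID=13 | Image=C:\Windows\explorer.exe | TargetObject=HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden | Details=DWORD (0x00000002)",
]


@dataclass(frozen=True)
class Hit:
    rule: str
    line: str


def parse_event(line):
    """Parse one ' | '-separated key=value line (the constructed format) into a dict."""
    fields = {}
    for part in line.split(" | "):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return fields


def c2_endpoints(configs):
    """Unique (ip, port) pairs across all configs; both botnets here share one."""
    out = set()
    for cfg in configs:
        host, _, port = cfg["c2"].rpartition(":")
        out.add((host, int(port)))
    return out


def auth_values(configs):
    """auth_value per botnet; this is what tells the two campaigns apart."""
    return {cfg["botnet"]: cfg["auth_value"] for cfg in configs}


def scan(lines, configs=REDLINE_CONFIGS):
    """Return one Hit per event that matches a rule derived from the report."""
    endpoints = c2_endpoints(configs)
    hits = []
    for line in lines:
        ev = parse_event(line)
        eid = ev.get("EventID")
        if eid == "3":  # Sysmon network connection
            dest = (ev.get("DestinationIp"), int(ev.get("DestinationPort", 0)))
            if dest in endpoints:
                hits.append(Hit("redline_c2_connection", line))
        elif eid == "13":  # Sysmon registry value set
            target = ev.get("TargetObject", "").lower()
            details = ev.get("Details", "").lower()
            if (DEFENDER_RTP_PATH in target
                    and target.endswith("disablerealtimemonitoring")
                    and "0x00000001" in details):
                hits.append(Hit("defender_realtime_protection_disabled", line))
            elif RUN_PATH in target:
                hits.append(Hit("run_key_persistence", line))
    return hits


if __name__ == "__main__":
    print("C2 endpoints:", c2_endpoints(REDLINE_CONFIGS))
    print("auth_value by botnet:", auth_values(REDLINE_CONFIGS))
    for hit in scan(SAMPLE_EVENTS):
        print(hit.rule, "<-", hit.line)
```

Two points the output makes visible: the network indicator collapses to a single endpoint because both extracted botnets use the same C2, so only the auth_value separates the `norm` and `dozt` campaigns; and the "Checks computer location settings" behaviour is a registry read, which Sysmon does not record, so that signature needs an API-level trace rather than event-log matching.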

MITRE ATT&CK Enterprise v15

Tasks